Businesses beware: ransomware is back and the attacks are more complex and costly than ever. Ransomware campaigns targeting businesses rose in January-March 2019, compared to October-December 2018. Businesses also typically paid out more to the groups behind ransomware to retrieve their files, while infections caused more downtime, on average than during the previous quarter.
These trends – highlighted in research from a range of vendors – represent a continuation of worrying circumstances identified in a Telstra report released last year. The report found ransomware was on the rise and was increasingly targeted. Nearly one third – 31% – of Australian respondents whose businesses had been interrupted by a security breach in the past year were experiencing ransomware attacks on a weekly or monthly basis. This was the highest of all countries surveyed.
These findings highlight the importance of vigilance and preparedness in protecting networks and data. This means educating your workforce and working with partners, customers and participants in your supply chain to avoid clicking on suspect email links or attachments. Ransomware groups often incorporate text in these emails that aim to trick people into clicking quickly on these malicious links or attachments.
Other steps your business should take include ensuring anti-malware products are implemented and up to date and taking regular backups that are then stored in isolated locations. Your business should also document the steps to be taken and the responsibilities of individuals and teams in the event of a ransomware infection. These measures will help minimise loss and disruption.
At FirstWave, we provide email and web security solutions featuring advanced malware protection to help businesses avoid falling victim to ransomware and other attacks. For example, our Cloud Email Security product provides advanced, feature-rich and configurable cloud email security services for businesses – powered by our cloud email content security and analytics platform technology. If you would like to learn more, please contact email@example.com.
The global cybersecurity insurance market is growing quickly and is expected to reach more than $20 billion within the next few years. Businesses are increasingly seeking insurance coverage as the number of breaches affecting sensitive customer or corporate data or disrupting systems and operations, increases. Rising reliance on technology to connect with consumers, partners and other stakeholders, the takeup of cloud, mobile, Internet of Things and other models, and the growing sophistication of cyber attacks are all combining to increase cybersecurity risk.
In this environment, board members and senior management teams are shouldering greater responsibility – and in many cases liability – for cybersecurity. For directors and managers, this means dumping traditional perspectives that cybersecurity is the province of the technology team and taking a proactive, organisation-wide approach to minimising cyber risk.
Discharging this responsibility means implementing a comprehensive cybersecurity program that incorporates a range of measures to reduce risk. According to the Australian Government’s business.gov.au website, these measures may include updating all passwords to passphrases that swap letters for symbols and use different spelling; using password managers to securely store and generate passwords; using business-grade cybersecurity software; backing up systems and files to portable hard drives; and seeking help from IT professionals if systems are infected by malware such as ransomware.
The website also recommends businesses talk to insurance brokers or insurers about options for reducing cybercrime risk.
However, businesses should not only tighten their defenses against external attacks. Internal attacks and employee errors can also threaten the integrity of customer and corporate data, as well as key systems. Boards and senior management teams should also become aware of these risks and ensure comprehensive plans are in place to mitigate them. Some issues that may be covered by these plans include implementing role-based access to systems and data – meaning workers only access what they need to do their jobs – and educating workers about how to manage data securely. Adopting these plans can further help businesses reduce risk and consequently lower their cybersecurity insurance premiums. In addition, these plans can also minimise the likelihood of incurring the regulatory and reputational penalties of a cybersecurity breach
According to a new research report by Global Market Insights, the global cybersecurity market is set to grow from its current market value of more than $120 billion to over $300 billion by 2024.
This growth is driven by businesses increasing need to minimize security risks and to build and protect trust, both from within organisations and without. As enterprises globally evolve and shift their business capabilities to cloud computing platforms and other networking technologies, they are becoming more vulnerable to various cyber-attacks. To prevent such attacks organisations are seeking cybersecurity technology that addresses ransomware, phishing, malware and other kinds of cyber assaults as the global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million.
At the recent RSA Conference in San Francisco in March, which brought some of the biggest names in cybersecurity together under one roof, discussed the leading trends impacting the industry. One trend dominated the discussions over the four-day event, and that was that "We are not just protecting data and applications and infrastructures," RSA President Rohit Ghai said. "We are in the business of protecting trust."
Covering the RSA conference, Tony Kontzer said, “And in an age of advanced technology, that trust has to extend endlessly, because tech has enabled us to reach across the globe in an instant to connect with total strangers. Or, conversely, to pluck funds from their bank accounts or chip away at their reputations.”
One of the key drivers contributing to the exponential growth of the cyber security market globally is the increase in access and affordability of numerous mobile devices as well as the advancements in the connectivity infrastructure. This expansion is driving the adoption of smart devices across enterprises and consumers, simultaneously, increasing the number of cyber-attacks on mobile devices, which increased by over 40% with an average of over 1.2 million attacks per month.
Over the next five years, the identity and access management (IAM) market is expected to grow at a compound annual growth rate (CAGR) of over 17%. The public sector is key to fuelling this growth with increased cyber-attacks on state and federal bodies and the increased need to assure trust between civilians and their governments when it comes to outside influences on election results.
As the adoption of IoT devices and the use of email and web-based applications continues to grow, the infrastructure protection market is also expected to grow considerably leading up to 2020. The need for individuals to be able to trust that organisations are storing their information securely has never been more important, especially since the Marriott incident that saw half a billion customers data stolen including their names, addresses and passport numbers.
While the West Coast of the US continues to attract VC investments of up to $2.5 billion in cybersecurity companies globally, the East Coast of the US and the rest of the world are steadily increasing their investments in the industry. Israel, the UK, and China are driving most of the foreign investment outside of the US, with Israel leading the way.
Accorind to With so much personal data captured and stored by businesses and government agencies, cyber-security – the protection of systems and data from malicious individuals – is becoming more and more important. Breaches can have damaging reputational, legal and financial consequences for businesses and agencies, while individuals may lose money and have their digital identities stolen.
Despite these impacts, not a month seemingly goes by without news of a massive breach. For example, an attack on Facebook last year saw hackers steal the names, contact details and other information about 29 million users worldwide – including 111,813 Australian users. More broadly, the Office of the Australian Information Commissioner’s October-December Notifiable Data Breaches Quarterly Statistics Report revealed the Office received 262 notifications of breaches – 64% of which could be attributed to malicious or criminal attacks.
According to Cybersecurity Ventures, cybercrime is expected to cost the world USD$6 trillion annually by 2021.
In this environment, a career spent safeguarding data and systems is an exciting option. According to Deakin University, cyber-security roles include information security officer, cyber security consultant, penetration tester and others. Demand for cyber-security specialists is skyrocketing – a recent AustCyber report revealed that a shortfall in the cyber-security workforce was costing more than AUD$400 million in lost wages and that Australia would need an additional 17,600 cyber-security workers by 2026.
Moving into cyber-security is comparatively easy for workers in related fields, such as software engineers and programmers. However, people in unrelated fields or who are completing an education may look instead to University degrees, information security certifications or other courses to gain a foothold in the industry. A range of certifications are also available to help people already in the industry build and demonstrate their skills.
Top cyber-security certifications available include Certified Ethical Hacker; Certified Information Security Manager; CompTIA Security+; Certified Information Systems Security Professional (CISSP); and GSEC: SANS GIAC Security Essentials.
Cloud security specialist FirstWave is always looking for smart, motivated people to join its engineering team. Based in North Sydney, FirstWave protects businesses and government organisations from risk by providing access to advanced, cloud-based cyber-security solutions.